zlib: Buffer overflow
— GLSA 200507-05

A buffer overflow has been discovered in zlib, potentially resulting in the
execution of arbitrary code.

Affected Packages

  Package:             sys-libs/zlib (all architectures)
  Affected versions:   < 1.2.2-r1
  Unaffected versions: >= 1.2.2-r1

Background

zlib is a widely used, free and patent-unencumbered data
compression library.

Description

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a
buffer overflow in zlib. A bounds-checking operation failed to take
invalid data into account, allowing a specifically malformed deflate
data stream to overrun a buffer.

Impact

An attacker could construct a malformed data stream, embedding it
within network communication or an application file format, potentially
resulting in the execution of arbitrary code when decoded by the
application using the zlib library.
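The remedy for the library bug is the upgrade listed above, but an application that decodes untrusted deflate data should also bound its output and treat decoder errors as hostile input. The following is an added example, not part of the advisory, written against Python's standard zlib module (which wraps the system zlib); the sample streams, the helper names and the version-parsing logic are constructed here, and the only value taken from the advisory is the 1.2.2 threshold.

```python
import zlib

# First unaffected upstream release per GLSA 200507-05 ("-r1" is a Gentoo package revision).
FIXED_VERSION = (1, 2, 2)

def parse_version(text):
    """Turn a zlib version string such as "1.2.11" into a 3-tuple of ints."""
    parts = []
    for piece in text.split(".")[:3]:
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts + [0] * (3 - len(parts)))

def runtime_zlib_at_least(minimum=FIXED_VERSION, version=None):
    """True if the zlib shared library actually loaded is at least `minimum`.
    ZLIB_RUNTIME_VERSION is what changes after an upgrade; ZLIB_VERSION is the build header."""
    if version is None:
        version = zlib.ZLIB_RUNTIME_VERSION
    return parse_version(version) >= minimum

def inflate_bounded(stream, max_out, wbits=zlib.MAX_WBITS):
    """Inflate untrusted data into at most `max_out` bytes; zlib.error on malformed or
    truncated input, ValueError if it would expand past the cap (wbits=-15 is raw deflate)."""
    d = zlib.decompressobj(wbits)
    out = d.decompress(stream, max_out)
    if d.unconsumed_tail:            # input left over: the output cap was hit
        raise ValueError("output would exceed %d bytes" % max_out)
    out += d.flush()
    if not d.eof:                    # input ran out before the end-of-stream marker
        raise zlib.error("truncated deflate stream")
    return out

def classify(stream, max_out=4096, wbits=zlib.MAX_WBITS):
    """Label a stream for logging: "ok", "malformed" or "too-large"."""
    try:
        inflate_bounded(stream, max_out, wbits)
    except zlib.error:
        return "malformed"
    except ValueError:
        return "too-large"
    return "ok"

# Constructed sample inputs (not taken from the advisory).
SAMPLE = b"GLSA 200507-05 " * 64
VALID_STREAM = zlib.compress(SAMPLE)
TRUNCATED_STREAM = VALID_STREAM[:-8]
INVALID_BLOCK_TYPE = b"\x07"   # raw deflate header bits: BFINAL=1, BTYPE=3 (reserved)
BOMB_STREAM = zlib.compress(b"\x00" * 1000000)   # about 1 KB in, 1 MB out
```

`runtime_zlib_at_least()` with no arguments reports whether the library the interpreter actually loaded meets the advisory's threshold, which is the check to run after the upgrade rather than trusting a build-time constant.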